Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 863425 (CVE-2022-32292, CVE-2022-32293) - <net-misc/connman-1.42_pre20220801: multiple vulnerabilities
Summary: <net-misc/connman-1.42_pre20220801: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-32292, CVE-2022-32293
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-03 17:34 UTC by John Helmert III
Modified: 2023-10-31 06:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-03 17:34:52 UTC
CVE-2022-32292 (https://bugzilla.suse.com/show_bug.cgi?id=1200189):
https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

CVE-2022-32293 (https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/):
https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/
https://bugzilla.suse.com/show_bug.cgi?id=1200190

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution.

Patches upstream, but unreleased.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-09 10:55:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1fe59ad759618bd9dfeefd69cf844cc377d78c1d

commit 1fe59ad759618bd9dfeefd69cf844cc377d78c1d
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-08-09 10:47:17 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-08-09 10:54:51 +0000

    net-misc/connman: add 1.42_pre20220801
    
    Bug: https://bugs.gentoo.org/863425
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest                        |   1 +
 net-misc/connman/connman-1.42_pre20220801.ebuild | 106 +++++++++++++++++++++++
 2 files changed, 107 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 04:41:42 UTC
Thanks Ben! Plese stabilize if you think it's appropriate; completely fine if not.
Comment 3 Larry the Git Cow gentoo-dev 2022-08-16 15:11:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f58f41039c03a297583f4dc86d1eee73c0bc9fc

commit 8f58f41039c03a297583f4dc86d1eee73c0bc9fc
Author:     Ben Kohler <bkohler@gentoo.org>
AuthorDate: 2022-08-16 15:09:25 +0000
Commit:     Ben Kohler <bkohler@gentoo.org>
CommitDate: 2022-08-16 15:10:09 +0000

    net-misc/connman: drop 1.41-r1
    
    Bug: https://bugs.gentoo.org/863425
    
    Signed-off-by: Ben Kohler <bkohler@gentoo.org>

 net-misc/connman/Manifest               |   1 -
 net-misc/connman/connman-1.41-r1.ebuild | 103 --------------------------------
 2 files changed, 104 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2023-10-31 06:25:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=31f2c2345585dd05f950ce51bc6b7227485938e0

commit 31f2c2345585dd05f950ce51bc6b7227485938e0
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-31 06:25:15 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-31 06:25:47 +0000

    [ GLSA 202310-21 ] ConnMan: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/832028
    Bug: https://bugs.gentoo.org/863425
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-21.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)